
WCF service hosted behind SSL terminating load balancer

April 13, 2018

Background

WCF services are nothing new; nothing fresh. We’ve been using them internally in my current company for years. Since they’re internal only on a closed restricted network, they’ve been hosted using message security bindings only; no transport layer security.

SSL termination

Even if we wanted to host using transport layer security or mixed security, SOAP bindings can be quite picky: they want the security to be end-to-end. This makes things tricky when you try to do something like SSL termination in a load balancer.

Searching for a solution for this problem proved to be difficult. Either not a lot of people have encountered this problem or I used the wrong search criteria when using Google. It could even be because the technology is so old that blog posts have been deleted or even whole blogs discontinued by their authors. I did, however, find a single blog post on MSDN that pointed me in the right direction.

Enter the CustomBinding

In my particular problem I had to be able to programmatically change a mixed security binding to be able to accept messages over HTTP because of SSL termination.

Let’s say you have a binding like this and want to support SSL termination:

var binding = new WS2007HttpBinding(SecurityMode.TransportWithMessageCredential);
binding.Security.Message.EstablishSecurityContext = false;
binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
return binding;

You could run it through a method like this:

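// Requires: using System.Linq; using System.ServiceModel.Channels;
private Binding EnableSslTermination(Binding binding)
{
    // Work on a CustomBinding so individual binding elements can be edited.
    var custom = binding as CustomBinding;
    if (custom == null)
        custom = new CustomBinding(binding);

    // Let the security element accept message credentials over a transport
    // that is not secured itself. The hop between the load balancer and
    // the service then carries the credentials without TLS.
    var security = custom.Elements.OfType<SecurityBindingElement>();
    foreach (var element in security)
        element.AllowInsecureTransport = true;

    // Swap the HTTPS transport element for a plain HTTP one.
    // The new element uses default settings, not those of the old one.
    var https = custom
        .Elements
        .OfType<TransportBindingElement>()
        .Where(e => e.Scheme == "https")
        .FirstOrDefault();
    if (https != null)
    {
        var http = new HttpTransportBindingElement();
        custom.Elements.Remove(https);
        custom.Elements.Add(http);
    }
    return custom;
}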
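
A check that goes with the method above, as an added example that is not from the original post: before a host is opened, it lists every endpoint whose binding has AllowInsecureTransport set on a non-HTTPS transport, so the relaxed binding is only used where TLS termination in front of the service is intended. The class name, the method names and the behindTlsTerminatingProxy flag are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Description;

// Hypothetical helper, not part of WCF or of the original post.
public static class InsecureTransportAudit
{
    // One finding per endpoint that accepts message credentials
    // (for example a UserName token) over a transport without TLS.
    public static IList<string> FindCleartextCredentialEndpoints(ServiceDescription description)
    {
        var findings = new List<string>();
        foreach (ServiceEndpoint endpoint in description.Endpoints)
        {
            BindingElementCollection elements = endpoint.Binding.CreateBindingElements();
            var security = elements.Find<SecurityBindingElement>();
            var transport = elements.Find<TransportBindingElement>();
            if (security == null || transport == null)
                continue; // no message security on this endpoint

            bool tls = string.Equals(transport.Scheme, "https", StringComparison.OrdinalIgnoreCase);
            if (security.AllowInsecureTransport && !tls)
            {
                findings.Add(string.Format(
                    "{0} ({1}): credentials accepted over '{2}' at {3}",
                    endpoint.Name, endpoint.Contract.Name, transport.Scheme, endpoint.ListenUri));
            }
        }
        return findings;
    }

    // Opens the host only if every relaxed endpoint is expected, i.e. the
    // deployment is declared to sit behind a TLS-terminating load balancer.
    public static void OpenChecked(ServiceHost host, bool behindTlsTerminatingProxy)
    {
        IList<string> findings = FindCleartextCredentialEndpoints(host.Description);
        if (findings.Count > 0 && !behindTlsTerminatingProxy)
        {
            throw new InvalidOperationException(
                "Refusing to open host; endpoints accept credentials without TLS:" +
                Environment.NewLine + string.Join(Environment.NewLine, findings));
        }
        foreach (string finding in findings)
            Console.WriteLine("WARNING (TLS terminated upstream): " + finding);
        host.Open();
    }
}
```

Calling OpenChecked in place of host.Open() makes the relaxed binding fail closed when the same code is deployed somewhere without the load balancer in front of it.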

Conclusion

Like I said, WCF is not new. It is, however, new to me. I’ve been more on the REST side of the argument. I just wanted to get this knowledge out there.
